HylaFAX The world's
most advanced open source fax server
|
|
[
Date Prev][
Date Next][
Thread Prev][
Thread Next]
[
Date Index]
[
Thread Index]
Re: [hylafax-users] PAM authentication and JobProtection
Giuseppe Sacco wrote:
Hi Lee,
thanks for your prompt reply.
Il giorno gio, 09/12/2010 alle 21.14 -0800, Lee Howard ha scritto:
[...]
Consequently for this to be resolved hfaxd would need to automatically
add entries to hosts.hfaxd (or some other database/table/file) which
could be used to assign unique uid/gid to each user, but which would not
replace or interfere with future authentications. So some development
would be required to enhance and expand hfaxd to do this.
Do you think a new attribute in ldap would help? I mean, it would be
possibile to add a faxGroup attribute to the currently used LDAP schema
(is it posixUser?) and use it as hylafax uid? Of course it will not be
usable via PAM, but it could be used when hylafax+ directly access LDAP.
Yes, this is certainly possible, but I think it requires code
development work. And in my way of thinking if someone is going to do
some development work for this then that could be best-spent
implementing a feature that works for all authentication methods (both
PAM and LDAP). So that's how I'd spend *my* time trying to resolve it
rather than developing something specific to LDAP.
I've added Joshua Kinard, the HylaFAX+ LDAP contributor, to this e-mail.
Joshua, with the current LDAP implementation in HylaFAX+ does hfaxd get
some kind of unique per-user uid or gid and then pass that back to
hfaxd? (Forgive me for not re-examining the code.) If not, do you have
any opinions on its implementation?
Moreover, I just checked ldap authentication in hylafax+ source code.
From what I understand, this only works on LDAP schema that have a
groupMembership (is it Novell eDirectory schema?).
I think it was developed for Microsoft Active Directory and also Novell.
It would not work on
posixGroup as they use memberUid attribute instead. Is it correct?
I don't know the answer to this question, but by all means the feature
could be expanded.
Thanks,
Lee.
____________________ HylaFAX(tm) Users Mailing List _______________________
To subscribe/unsubscribe, click http://lists.hylafax.org/cgi-bin/lsg2.cgi
On UNIX: mail -s unsubscribe hylafax-users-request@xxxxxxxxxxx < /dev/null
*To learn about commercial HylaFAX(tm) support, mail sales@xxxxxxxxx*